8.2: Crowdstrike pledges that it operates in a professional manner consistent with industry standards.
8.4: Crowdstrike will do its best to fix problems reported. If they can't you get a refund for whatever's left of your subscription.
8.6: There is no guarantee that the product will successfully protect all threats, if something still destroys your system, Crowdstrike is not liable.
8.7: The product may have bugs, not do anything or not work at all and there's nothing you can say about that.
10: Whatever damages incur from your use of the product, they're on you. Even if CrowdStrike could have prevented it.
Never use the product in sensitive environments, such as aircraft navigation systems (you can't make this stuff up), nuclear facilities, etc.
So... I guess a lot will hinge on whether CrowdStrike violated 8.2 by failing to meet industry standards with their update. I expect communication on this subject will not be super forthcoming.
Beyond goodwill gestures to protect their image, I don't think they're liable.
This is a good time to point out how cybersecurity has become a business of transferring accountability to third parties (you don't buy security, you buy someone to blame when it all goes down). But it's largely symbolic since nobody is liable, and this might even be a feature.
I intend to write a long-form post about this aspect, stay tuned! /thread
• • •
Missing some Tweet in this thread? You can try to
force a refresh